CVE-2022-36170

MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion...

Use of Hard-coded Credentials in AgileConfig.Client

Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...

PT-2022-23241 · Unknown · Mapgis 10.5 Pro Igserver

Name of the Vulnerable Software and Affected Versions: MapGIS 10.5 Pro IGServer version 10.5 Description: The issue is related to hardcoded credentials in the front-end of the software, which can lead to escalation of privileges and arbitrary file deletion. Recommendations: For MapGIS 10.5 Pro...

Hardcoded credentials

Hardcoded JWT Secret in AgileConfig 1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access...

Hardcoded credentials

Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service device malfunction and system crash via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported produ...

Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138)

Over the last few months, Atlassian Confluence has increasingly become a target for attackers. In June 2022, a critical severity OGNL Remote Code Execution vulnerability was disclosed CVE-2022-26134. More recently, CVE-2022-26138 was disclosed on social media platforms in July 2022. In...

Hardcoded credentials

'Hulu / ????' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

Hardcoded credentials

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

Atlassian Questions For Confluence 2.7.34 / 2.7.35 / 3.0.2 Hardcoded Credentials

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit...

Atlassian Questions for Confluence App Hardcoded Credentials (CVE-2022-26138)

A hardcoded credentials vulnerability exists in Atlassian Questions for Confluence App. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

Hardcoded credentials

Totolink A3600RFirmware V4.1.2cu.5182B20201102 contains a hard code password for root in /etc/shadow.sample...

Hardcoded credentials

OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service...

CVE-2022-30316

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...

CVE-2022-30316

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...

CVE-2022-30314

Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The...

Hardcoded credentials

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...

Hardcoded credentials

Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key...

Hardcoded credentials

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

Hardcoded credentials

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...

Hardcoded credentials

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...